2. Policy Implementation
|1. Policy Development||2. Policy Implementation||3. Operations|
||5. Oversight||6. Redress|
|7. Outreach||8. Coordination||9. SME|
Information Sources and Labels
Ensuring that the public's PII is protected requires that the fusion center handle PII and Sensitive PII appropriately. One technique to ensure adequate protection of PII and other information that a fusion enter may collect is to appropriately label the information. Ensuring that information can only be accessed by individuals who have a reason is another way to protect the public.
Information Sharing and Dissemination
In order to ensure that privacy concerns are addressed prior to the dissemination of products and bulletins (2pp | 3mb | PDF), the P/CRCL Officer should develop procedures for P/CRCL protections. Some examples of procedures that a P/CRCL Officer could implement include periodic training, product review, and oversight of nondisclosure agreements.
A P/CRCL Officer should periodically review information collected and/or gathered by analysts and purge information that is no longer needed or expunge information that violates an individual's civil rights or civil liberties.
Reviews new or enhanced programs for privacy issues
A P/CRCL Officer should have a basic understanding of authentication and role-based credentials. Having a background in these, as well as other technology issues, will allow you to ask the right questions when your fusion center is considering utilizing a new IT systems and other technologies.
Use the Privacy Impact Assessment (PIA) and the Guide to Conducting PIAs for State, Local, and Tribal Information Sharing Initiatives (38pp | 1mb | PDF), as tools to identify and mitigate privacy risks at the beginning of and throughout the development life cycle of a program or system.
Start by consulting the Guide to Conducting Privacy Impact Assessments for State, Local, and Tribal Justice Entities (60pp | 2.3mb | PDF). It provides a framework with which to examine the privacy implications of information systems and information sharing collaborations so that policies address the vulnerabilities identified through the assessment process. The guide's template is designed to reflect the same policy concepts as those recommended in the Privacy, Civil Rights, and Civil Liberties Policy Development Guide for State, Local, and Tribal Justice Entities (194pp | 13mb | PDF).
P/CRCL in IT Systems
The DHS Privacy Technology Implementation Guide (36pp | 358kb | PDF) and Global's Fusion Center Technology Resources Road Map (18pp | 1.4mb | PDF) are a general guides for technology managers and developers to integrate privacy protections into operational IT systems. Specific information on Justice Agency Use of Biometrics (4pp | 591kb | PDF) and Information Quality Risk guidance has been developed to guide your use of this specialized technology.
Training, Business Process, and Systems Design
Similar to developing a Privacy Impact Statement, you should draft and implement a Civil Liberties Impact Assessment (CLIA). Developing a CLIA will assist in ensuring that your fusion center has a meaningful plan to address potential civil liberties issues.
A variety of resources exist to provide general implementation guidance. Practical Implementation Resources are available by clicking on the different categories. The ISE Key Issues Guidance (54pp | 480kb | PDF) document provides a comprehensive overview of Privacy Guidelines in the ISE. Best practices and success stories on implementation can also provide ideas for how to best implement your fusion center's P/CRCL Policy.